Problem
- The security concept and overall architecture of #2099741: Protect WYSIWYG Editors from XSS Without Destroying User Data is not documented anywhere, aside from that issue's summary.
Goal
- As a developer who (1) is experiencing a "weird" behavior of HTML tags suddenly being removed out of nowhere or (2) who wants to write code that happens to have to integrate with the front-end XSS security concept, I want to be able to find and read a bird-level description of the architectural concept, so that I can understand it and be sure that I'm not doing Something Completely Stupid™. :-)
Comments
Comment #1
tim.plunkett
Criticals are release blocking; this does not seem to be that.
Comment #2
sun
Comment #3
mgifford
Where should this be added?
So we've got this class:
Is it documenting what is in EditorSecurityTest.php?
Comment #4
mgifford
Comment #5
Wim Leers
This is now documented at https://www.drupal.org/developing/api/8/editor.
Comment #6
mgifford
Thanks Wim!